One of the questions that we get asked in support all the time at WooThemes is “Are credit cards stored in my store?”.
The short answer to the question is no. WooCommerce (and almost all e-commerce solutions) will never store a credit card number anywhere on your server. Why? Well that has to do with PCI Compliance. PCI Compliance has some very strict rules for how to store credit card information.
The rules are strict so as to make it very difficult for hackers to get your information. They are however so strict that it basically makes it impossible for a small store to have the infrastructure to store credit card numbers. That's why many payment gateways store credit card tokens.
Credit Card Tokens
What most e-commerce solutions do store is a credit card token. These tokens can be used for future transactions with that one payment gateway but it can't be used on other e-commerce sites or at a brick and mortar store. While you obviously don't want to list your credit card tokens on your website they are much more secure.
So when WooCommerce “remembers” a credit card we've actually just saved the last couple digits and stored the credit card token.
So if you notice that your WooCommerce store is saving credit card numbers you don't need to worry about it. Not a single one of our extensions does that. Your data is saved in tokens which will protect you and your customers.